Platform
go
Component
github.com/mattermost/mattermost/server/v8
Fixed versions
11.2.3
10.11.11
11.4.1
11.3.2
CVE-2026-27659 is a Cross-Site Request Forgery (CSRF) vulnerability in Mattermost's /api/v4/accesscontrolpolicies/{policy_id}/activate endpoint (the UpdateAccessControlPolicyActiveStatus handler). An attacker who lures an authenticated administrator to a malicious page can make the administrator's browser submit a request that changes the active status of an access control policy without the administrator's knowledge or consent. The vulnerability affects Mattermost 11.2.x up to 11.2.2, 10.11.x up to 10.11.10, 11.4.x up to 11.4.0, and 11.3.x up to 11.3.1. Fixes are available in 10.11.11, 11.2.3, 11.3.2, and 11.4.1.
Successful exploitation of CVE-2026-27659 lets an attacker activate or deactivate access control policies with the administrator's privileges. Deactivating a policy removes the restrictions it enforces, so the channels, teams, or data it protected become reachable by users the policy previously excluded, including the attacker if they hold an account; activating a policy can equally lock out users who should have access. The blast radius is everything governed by the affected policies. Because the request is submitted through the administrator's own browser session, the change appears to come from that administrator, which makes the attack a meaningful privilege escalation within the Mattermost environment and one that is easy to miss in an audit.
This vulnerability was publicly disclosed on March 25, 2026, with the publication of Mattermost Advisory MMSA-2026-00578. The EPSS score is 0.02% (6th percentile), a low estimated probability of exploitation in the wild, but the impact warrants attention. No public proof-of-concept (PoC) has been released as of this writing; since a CSRF request needs nothing more than an HTML form or image tag on an attacker-controlled page once the request shape is known, a PoC could appear quickly. Monitor Mattermost forums and security mailing lists for updates.
Organizations that rely heavily on Mattermost for internal communication and collaboration are particularly at risk, and the exposure scales with the number of people who can be targeted: every account holding the permission to manage access control policies is a potential victim, and the attack succeeds whenever one of them visits an attacker-controlled page in a browser that holds a Mattermost session. Instances that grant administrative privileges broadly, or whose administrators browse external sites from the same browser profile they use for Mattermost administration, are therefore more vulnerable. Hosting arrangements do not change this: a CSRF request is executed by the victim's browser against the instance it is logged into, so each instance is exploited through its own administrators, not through other instances sharing the same server.
• linux / server: Monitor access logs for requests to the /api/v4/accesscontrolpolicies/{policy_id}/activate endpoint (the path also appears spelled access_control_policies; match both spellings). Look for requests from unexpected source addresses or user agents, and for requests whose Referer or Origin is not your Mattermost site URL. If a reverse proxy fronts Mattermost, its access log is the more complete record of per-request headers.
journalctl -u mattermost -f | grep -E '/api/v4/access_?control_?policies/[^/]+/activate'
• generic web: Replay the activation request the way a cross-site page would: the method, path and body the web client normally sends (copy them from the browser's network tab while an administrator toggles a policy), authenticated only by the session cookies and without the X-CSRF-Token and X-Requested-With headers the legitimate client adds. Run this against a test instance you control. A patched server rejects the request; if it is accepted, the instance is still vulnerable. Substitute the method the client actually uses if it is not POST.
curl -i -X POST -b 'MMAUTHTOKEN=<session token>; MMCSRF=<csrf cookie>' -H "Content-Type: application/json" "https://mattermost.example.com/api/v4/access_control_policies/{policy_id}/activate"
• go: Examine the server code for the UpdateAccessControlPolicyActiveStatus handler and confirm that it runs under the session-required handler wrapper that performs CSRF validation for cookie-authenticated sessions, that it is not reachable through a safe method such as GET (CSRF checks are typically applied only to state-changing methods), and that recent changes to the route registration have not regressed either property.
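As an added example, not part of the original page or of Mattermost's code: the detection logic from the bullets above, run over constructed access-log lines in the combined format that a reverse proxy in front of Mattermost typically writes. It flags requests to the activation endpoint whose Referer is absent or belongs to a host other than the Mattermost site, which is the trace a browser-forged request leaves. The site URL, policy id, HTTP methods and log lines are assumptions invented for the demonstration; the scanner keys only on the path, not the method, and accepts both spellings of the endpoint seen on this page.

```go
package main

import (
	"fmt"
	"net/url"
	"regexp"
	"strings"
)

// combinedLine parses the nginx/Apache "combined" access log format:
//   remote ident user [time] "METHOD path PROTO" status bytes "referer" "user-agent"
var combinedLine = regexp.MustCompile(
	`^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) \S+ "([^"]*)" "([^"]*)"`)

// activatePath matches the policy activation endpoint, with or without the
// underscores, since the advisory text uses both spellings.
var activatePath = regexp.MustCompile(
	`^/api/v4/access_?control_?policies/[^/?]+/activate(?:[?/].*)?$`)

// Finding is one request to the activation endpoint that looks cross-site.
type Finding struct {
	Remote  string
	Time    string
	Method  string
	Path    string
	Status  string
	Referer string
	Reason  string
}

// ScanAccessLog returns every request to the activation endpoint whose Referer
// is missing or whose Referer host differs from the Mattermost site host.
// A request forged from an attacker page carries that page's origin as the
// Referer, or no Referer at all if the page suppresses it.
func ScanAccessLog(lines []string, siteURL string) ([]Finding, error) {
	site, err := url.Parse(siteURL)
	if err != nil {
		return nil, err
	}
	var out []Finding
	for _, line := range lines {
		m := combinedLine.FindStringSubmatch(line)
		if m == nil {
			continue // not a combined-format line; skip rather than guess
		}
		f := Finding{Remote: m[1], Time: m[2], Method: m[3], Path: m[4], Status: m[5], Referer: m[6]}
		if !activatePath.MatchString(f.Path) {
			continue
		}
		if f.Referer == "" || f.Referer == "-" {
			f.Reason = "no Referer (direct request or referrer suppressed)"
		} else if ref, perr := url.Parse(f.Referer); perr != nil || !strings.EqualFold(ref.Host, site.Host) {
			f.Reason = "cross-site Referer " + f.Referer
		}
		if f.Reason != "" {
			out = append(out, f)
		}
	}
	return out, nil
}

// sampleLog is constructed test data, not real traffic. Line 1 is a legitimate
// admin action, line 2 a forged GET from an attacker page, line 3 a request with
// no Referer, line 4 an unrelated endpoint that must not be flagged.
var sampleLog = []string{
	`10.0.0.7 - - [25/Mar/2026:09:12:01 +0000] "PUT /api/v4/access_control_policies/p1abc/activate?active=true HTTP/1.1" 200 45 "https://chat.example.com/admin_console/" "Mozilla/5.0"`,
	`10.0.0.7 - - [25/Mar/2026:09:40:18 +0000] "GET /api/v4/access_control_policies/p1abc/activate?active=false HTTP/1.1" 200 45 "https://evil.example/" "Mozilla/5.0"`,
	`10.0.0.7 - - [25/Mar/2026:09:41:02 +0000] "POST /api/v4/access_control_policies/p1abc/activate HTTP/1.1" 200 45 "-" "Mozilla/5.0"`,
	`10.0.0.9 - - [25/Mar/2026:09:42:30 +0000] "GET /api/v4/users/me HTTP/1.1" 200 512 "https://evil.example/" "Mozilla/5.0"`,
}

func main() {
	findings, err := ScanAccessLog(sampleLog, "https://chat.example.com")
	if err != nil {
		panic(err)
	}
	for _, f := range findings {
		fmt.Printf("%s %s %s %s -> %s (%s)\n", f.Time, f.Remote, f.Method, f.Path, f.Status, f.Reason)
	}
}
```

To run this over a real proxy log, read the file with a bufio.Scanner and pass the lines to ScanAccessLog. Treat "no Referer" hits as weaker evidence than a foreign Referer, since some clients and referrer policies drop the header legitimately, and correlate the remote address of each hit with where your administrators actually work, as the first bullet suggests.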
disclosure
patch
Exploit status
EPSS
0.02% (6th percentile)
CISA SSVC
CVSS vector
The primary mitigation for CVE-2026-27659 is to upgrade Mattermost to the fixed release for your branch: 10.11.11, 11.2.3, 11.3.2, or 11.4.1. If immediate upgrading is not possible, reduce the attack surface in the meantime: keep the number of accounts that may manage access control policies to a minimum, have those administrators use a dedicated browser profile for Mattermost administration so that an arbitrary web page cannot ride on their session, and review and audit existing access control policies for anomalies or unexpected changes of active status. A WAF rule helps only if it enforces the check the application should, for example rejecting requests to the activation path whose Origin or Referer is not your site URL, so treat it as a stop-gap. Educate administrators about CSRF and about not following untrusted links while logged in as an administrator. After upgrading, confirm the fix by replaying the activation request with the session cookies only (no X-CSRF-Token or X-Requested-With header) against a test instance and verifying that it is rejected.
Update Mattermost to a fixed version. The CSRF vulnerability in the UpdateAccessControlPolicyActiveStatus endpoint allows an attacker to trick an administrator, via a crafted request, into changing the active status of an access control policy. Updating corrects the CSRF token validation for this endpoint.
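As an added example, not Mattermost's code: a Go illustration of the check a fixed handler must enforce for cookie-authenticated sessions, the double-submit pattern in which the CSRF secret issued as a cookie (Mattermost's web client names it MMCSRF) must be echoed back in the X-CSRF-Token header, together with a refusal to perform the state change on a safe method. The probe function reproduces the post-upgrade verification step from the paragraph above with net/http/httptest instead of curl: a request that carries only the victim's cookies, which is all a forged cross-site request can carry, must be rejected. Cookie names, the path, and the stand-in handler are assumptions for illustration.

```go
package main

import (
	"crypto/rand"
	"crypto/subtle"
	"encoding/hex"
	"fmt"
	"net/http"
	"net/http/httptest"
)

// Cookie and header names mirror those the Mattermost web client uses; the
// rest of this file illustrates the pattern and is not Mattermost code.
const (
	sessionCookie = "MMAUTHTOKEN"
	csrfCookie    = "MMCSRF"
	csrfHeader    = "X-CSRF-Token"
)

// issueToken makes the per-session CSRF secret. The server sets it as a cookie
// at login; the legitimate client reads that cookie and copies it into the
// request header. An attacker's page can make the browser send the cookie but
// cannot read it, and so cannot set the header.
func issueToken() (string, error) {
	b := make([]byte, 32)
	if _, err := rand.Read(b); err != nil {
		return "", err
	}
	return hex.EncodeToString(b), nil
}

// activatePolicy stands in for the policy activation handler (assumed shape).
func activatePolicy(w http.ResponseWriter, r *http.Request) {
	fmt.Fprintf(w, "policy activation updated: active=%s\n", r.URL.Query().Get("active"))
}

// requireCSRF gates a state-changing handler for cookie-authenticated sessions.
func requireCSRF(next http.HandlerFunc) http.HandlerFunc {
	return func(w http.ResponseWriter, r *http.Request) {
		// Never perform a state change on a safe method: a GET can be forged by
		// a plain <img src> or link, and CSRF checks usually do not cover it.
		switch r.Method {
		case http.MethodGet, http.MethodHead, http.MethodOptions:
			http.Error(w, "state change requires PUT or POST", http.StatusMethodNotAllowed)
			return
		}
		if _, err := r.Cookie(sessionCookie); err != nil {
			http.Error(w, "no session", http.StatusUnauthorized)
			return
		}
		c, err := r.Cookie(csrfCookie)
		got := r.Header.Get(csrfHeader)
		if err != nil || got == "" ||
			subtle.ConstantTimeCompare([]byte(c.Value), []byte(got)) != 1 {
			http.Error(w, "missing or invalid CSRF token", http.StatusUnauthorized)
			return
		}
		next(w, r)
	}
}

// probe sends one request to the gated handler and returns the HTTP status.
// Every probe carries both cookies, as a forged cross-site request would,
// because the browser attaches them automatically; only the header varies.
func probe(method, cookieToken, headerToken string) int {
	req := httptest.NewRequest(method,
		"/api/v4/access_control_policies/p1abc/activate?active=false", nil)
	req.AddCookie(&http.Cookie{Name: sessionCookie, Value: "admin-session"})
	req.AddCookie(&http.Cookie{Name: csrfCookie, Value: cookieToken})
	if headerToken != "" {
		req.Header.Set(csrfHeader, headerToken)
	}
	rec := httptest.NewRecorder()
	requireCSRF(activatePolicy).ServeHTTP(rec, req)
	return rec.Code
}

func main() {
	tok, err := issueToken()
	if err != nil {
		panic(err)
	}
	fmt.Println("forged POST, cookies only:      ", probe(http.MethodPost, tok, ""))
	fmt.Println("forged GET, cookies only:       ", probe(http.MethodGet, tok, ""))
	fmt.Println("forged POST, guessed header:    ", probe(http.MethodPost, tok, "guess"))
	fmt.Println("legitimate PUT, cookie + header:", probe(http.MethodPut, tok, tok))
}
```

The first three probes are what the verification step sends to a patched server and must all be refused; the last is the web client's normal request. Constant-time comparison of the two copies keeps the check from leaking the token by timing, and refusing safe methods closes the case the header check alone would miss.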
CVE-2026-27659 is a CSRF vulnerability in Mattermost's access control policy activation endpoint, allowing an attacker to change a policy's active status by luring an authenticated administrator into sending a crafted request. It affects versions 11.2.x <= 11.2.2, 10.11.x <= 10.11.10, 11.4.x <= 11.4.0, and 11.3.x <= 11.3.1.
You are affected if you are running Mattermost versions 11.2.x <= 11.2.2, 10.11.x <= 10.11.10, 11.4.x <= 11.4.0, or 11.3.x <= 11.3.1. Upgrade to the fixed release for your branch (10.11.11, 11.2.3, 11.3.2, or 11.4.1) to mitigate the risk.
Upgrade Mattermost to 10.11.11, 11.2.3, 11.3.2, or 11.4.1, whichever matches your branch. If an immediate upgrade isn't possible, limit the accounts that can manage access control policies, have administrators use a dedicated browser profile for Mattermost administration, and educate them about CSRF.
While no public exploits are currently known, the CSRF nature of the vulnerability means exploitation is possible. Monitor Mattermost forums and security mailing lists for updates.
You can find the official advisory on the Mattermost website: https://mattermost.com/security/advisories/MMSA-2026-00578